News, tips, partners, and perspectives for the Oracle Solaris operating system

SCA 6000 for Oracle TDE

In February, I described, how to configure the softtoken store of the Solaris Cryptographic Framework as a "software-HSM" for Oracle TDE.  In the meantime, the SCA 6000 card was certified for use with Oracle TDE.  There is also a "Whitepaper" available, describing SCA 6000 setup and configuration for TDE.  I was lucky enough to get my hands on one of these cards and test for myself.  It works, of course.  What makes using the SCA 6000 so attractive is the additional possibilities the card has to offer.  You can lock and unlock the keystore to prevent any further wallet and column encryption operations.  You can also implement a Two-Person-Rule, using the card's software.  This allows to separate access to the master key from "normal" database administration.  This is often required in high-security environments.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.